Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   werde von Suchmaschine zu willkürlich falschen Seiten geleitet (https://www.trojaner-board.de/129662-suchmaschine-willkuerlich-falschen-seiten-geleitet.html)

comsutra 16.01.2013 18:53
werde von Suchmaschine zu willkürlich falschen Seiten geleitet
 
Hallo,

Ich brauche bitte eure Hilfe, auf dem Netbook von meinem Vater besteht das Problem das bei Suchanfragen die richtigen Seiten aufgelistet werden aber bei klick darauf wird man zu einer willkürlich anderen Seite umgeleitet. Malwarebytes, Kaspersky, Avira und Combofix brachten keinen erfolg. IP und DNS sind auf automatisch beziehen gestellt. Ich hab eine Logfile von Hijackthis,kann selbst aber nichts entdecken:


Zitat:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:11, on 2013.01.16.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.mainap.hu/?pc=UP22&ocid=UP22DHP&dt=010713
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358347319359
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui előbetöltője - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Komponenskategóriák gyorsítótárazási szolgáltatása - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Logikai lemezkezelő felügyeleti szolgáltatás (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eseménynapló (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google frissítés Szolgáltatás (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google frissítés Szolgáltatás (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IMAPI CD-égető COM-szolgáltatás (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting távoli asztalmegosztás (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Távoli asztal súgó-munkamenetének kezelője (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intelligens kártya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Teljesítménynaplók és riasztások (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Kötet árnyékmásolata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: A Windows Media Player hálózatmegosztási szolgáltatása (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 6862 bytes

Vielen dank im voraus!

markusg 16.01.2013 19:24
hi
das hindert dich nicht, unsere Anleitungen zu lesen, Hijackthis will eigendlich niemand mehr sehen :-)
und sollte auch nicht mehr verwendet werden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

comsutra 17.01.2013 15:24
Hallo,

danke für die schnelle Antwort, ein Freund von mir zeigte mir das Board hier und meinte ich solle mein Hijackthis Ergebnis hier posten :)
Thread hatte ich einen gefunden aber der war scheinbar geschlossen da ich nichts posten konnte.
Ich habe den Quickscan ausgeführt und der spuckt folgendes aus:

OTL Logfile:
Code:
OTL logfile created on: 2013.01.17. 13:26:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Documents and Settings\barna\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.
 
1014,36 Mb Total Physical Memory | 678,67 Mb Available Physical Memory | 66,91% Memory free
2,38 Gb Paging File | 2,14 Gb Available in Paging File | 89,69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 61,96 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
 
Computer Name: MINI | User Name: barna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.17 11:26:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barna\Asztal\OTL.exe
PRC - [2012.10.05 16:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2009.09.18 16:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.04.15 13:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.16 15:53:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2013.01.16 15:53:36 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013.01.15 15:50:57 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013.01.15 15:50:37 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.15 15:47:35 | 000,684,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll
MOD - [2013.01.15 15:47:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.15 15:30:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.15 15:25:54 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.15 15:25:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2009.02.27 18:59:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.HUN
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.05 16:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.18 16:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\barna\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.07.23 10:57:22 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.07.23 10:57:22 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.23 10:57:22 | 000,100,480 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008.09.24 10:24:16 | 001,326,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.07.16 17:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.05.07 18:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.03.27 14:56:46 | 000,153,600 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2007.01.05 01:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.mainap.hu/?pc=UP22&ocid=UP22DHP&dt=010713
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.14 08:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010.04.26 16:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\barna\Application Data\Mozilla\Extensions
[2013.01.14 15:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\barna\Application Data\Mozilla\Firefox\Profiles\6jrxibw6.default\extensions
[2010.12.21 13:51:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\barna\Application Data\Mozilla\Firefox\Profiles\6jrxibw6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.26 20:29:01 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\barna\Application Data\Mozilla\Firefox\Profiles\6jrxibw6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 21:01:21 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\barna\Application Data\Mozilla\Firefox\Profiles\6jrxibw6.default\searchplugins\bingp.xml
[2012.10.29 16:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.14 07:22:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(2)
[2012.02.04 16:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.02.04 16:48:19 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\barna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Documents and Settings\barna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Documents and Settings\barna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.16 15:37:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358347319359 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5619AE9-D588-4B3B-B6FC-B076E9522720}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.21 13:29:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.17 13:24:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\barna\Asztal\OTL.exe
[2013.01.16 15:39:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.01.16 15:29:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.16 15:27:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.16 15:27:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.16 15:27:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.16 15:27:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.16 15:26:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.16 15:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.16 15:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barna\Start Menu\Programs\Wajam
[2013.01.16 15:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barna\Local Settings\Application Data\Wajam
[2013.01.16 15:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013.01.16 14:29:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\barna\Dokumentumok\Videók
[2013.01.16 14:29:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\barna\Start Menu\Programs\Felügyeleti eszközök
[2013.01.14 14:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.01.14 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barna\Application Data\Malwarebytes
[2013.01.14 13:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 13:25:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.17 13:25:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.17 13:02:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\qpdvyllnup.job
[2013.01.17 13:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:02:23 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 11:26:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barna\Asztal\OTL.exe
[2013.01.16 16:40:52 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2013.01.16 16:32:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.16 16:04:34 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\barna\Asztal\Install Combofix.lnk
[2013.01.16 15:37:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.16 15:29:24 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2013.01.16 13:33:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.15 15:24:22 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\barna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.15 15:24:22 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\barna\Asztal\Google Chrome.lnk
[2013.01.14 15:45:47 | 000,496,960 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat
[2013.01.14 15:45:47 | 000,465,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.14 15:45:47 | 000,124,734 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat
[2013.01.14 15:45:47 | 000,081,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.07 10:13:36 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Skype.lnk
[2013.01.06 06:21:19 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\kbduslo.dll
[2012.12.27 10:24:05 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.26 18:00:38 | 000,098,563 | ---- | M] () -- C:\Documents and Settings\barna\Dokumentumok\522368_323971254376900_1902520425_n.jpg
[2012.12.26 17:58:59 | 001,161,743 | ---- | M] () -- C:\Documents and Settings\barna\Dokumentumok\20121223718.jpg
[2012.12.26 17:58:36 | 001,521,372 | ---- | M] () -- C:\Documents and Settings\barna\Dokumentumok\20121224724.jpg
 
========== Files Created - No Company Name ==========
 
[2013.01.16 16:04:34 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\barna\Asztal\Install Combofix.lnk
[2013.01.16 15:29:24 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2013.01.16 15:29:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013.01.16 15:27:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.16 15:27:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.16 15:27:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.16 15:27:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.16 15:27:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.06 06:21:19 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\kbduslo.dll
[2013.01.06 06:21:19 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\qpdvyllnup.job
[2012.12.26 18:00:36 | 000,098,563 | ---- | C] () -- C:\Documents and Settings\barna\Dokumentumok\522368_323971254376900_1902520425_n.jpg
[2012.12.26 17:58:44 | 001,161,743 | ---- | C] () -- C:\Documents and Settings\barna\Dokumentumok\20121223718.jpg
[2012.12.26 17:58:14 | 001,521,372 | ---- | C] () -- C:\Documents and Settings\barna\Dokumentumok\20121224724.jpg
[2012.10.11 12:40:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.04.14 09:14:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\barna\Local Settings\Application Data\FASTWiz.html
[2011.11.18 00:47:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.17 17:29:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\barna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.28 13:16:16 | 000,130,238 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2010.04.26 16:13:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.15 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:54:16 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.07.03 17:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2009.09.02 11:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.04.26 16:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.12.11 08:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\com.adobe.hwp
[2009.08.20 10:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\CoSoSys
[2011.07.04 10:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\go
[2009.08.24 09:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\OpenOffice.org
[2010.04.26 16:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\Vodafone
[2009.07.01 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\Windows Desktop Search
[2009.08.19 18:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barna\Application Data\Windows Search
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


M.f.G.

markusg 17.01.2013 19:10
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2013.01.06 06:21:19 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\kbduslo.dll
[2013.01.17 13:02:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\qpdvyllnup.job
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.

comsutra 18.02.2013 14:30
Hallo,

ich habe die MovedFiles hochgeladen, hat alles geklappt. Das OTR hat folgendes ausgespuckt:

Zitat:
All processes killed
========== OTL ==========
C:\WINDOWS\system32\kbduslo.dll moved successfully.
C:\WINDOWS\tasks\qpdvyllnup.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: barna
->Flash cache emptied: 3901698 bytes

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 4,00 mb


[EMPTYTEMP]

User: All Users

User: barna
->Temp folder emptied: 3971523 bytes
->Temporary Internet Files folder emptied: 2730963 bytes
->FireFox cache emptied: 90734825 bytes
->Google Chrome cache emptied: 7492957 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 57426 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02182013_141507

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
M.f.g.

Alexander

markusg 18.02.2013 17:11
Danke.
und der Rest?
bitte weiter lesen

comsutra 26.02.2013 13:00
Hallo,

mein Vater ist mitte 50 und kann mir dazu nichts sagen ausser Schulterzucken ;)


Zitat:
System volume information: dwHighDateTime = 0x1ca20f1,dwLowDateTime = 0x41f917f2
System32: dwHighDateTime = 0x1c9fa22,dwLowDateTime = 0x7fee018a
dwSerialNumber = 0xac5856d3
M.f.G

Alexander

markusg 26.02.2013 15:59
Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

comsutra 26.02.2013 18:14
Hallo,

der TDSSKiller hat keine Bedrohungen gefunden.

M.f.G. Alex

markusg 26.02.2013 20:45
log posten bitte

comsutra 27.02.2013 10:52
Zitat:
10:31:10.0875 2640 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:31:10.0937 2640 ============================================================
10:31:10.0937 2640 Current date / time: 2013/02/27 10:31:10.0937
10:31:10.0937 2640 SystemInfo:
10:31:10.0937 2640
10:31:10.0937 2640 OS Version: 5.1.2600 ServicePack: 3.0
10:31:10.0937 2640 Product type: Workstation
10:31:10.0937 2640 ComputerName: MINI
10:31:10.0937 2640 UserName: barna
10:31:10.0937 2640 Windows directory: C:\WINDOWS
10:31:10.0937 2640 System windows directory: C:\WINDOWS
10:31:10.0937 2640 Processor architecture: Intel x86
10:31:10.0937 2640 Number of processors: 2
10:31:10.0937 2640 Page size: 0x1000
10:31:10.0937 2640 Boot type: Normal boot
10:31:10.0937 2640 ============================================================
10:31:13.0046 2640 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:31:13.0093 2640 ============================================================
10:31:13.0093 2640 \Device\Harddisk0\DR0:
10:31:13.0093 2640 MBR partitions:
10:31:13.0093 2640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
10:31:13.0093 2640 ============================================================
10:31:13.0140 2640 C: <-> \Device\Harddisk0\DR0\Partition1
10:31:13.0140 2640 ============================================================
10:31:13.0156 2640 Initialize success
10:31:13.0156 2640 ============================================================
10:31:17.0000 2016 ============================================================
10:31:17.0000 2016 Scan started
10:31:17.0000 2016 Mode: Manual;
10:31:17.0000 2016 ============================================================
10:31:18.0062 2016 ================ Scan system memory ========================
10:31:18.0078 2016 System memory - ok
10:31:18.0078 2016 ================ Scan services =============================
10:31:18.0312 2016 Abiosdsk - ok
10:31:18.0328 2016 abp480n5 - ok
10:31:18.0406 2016 [ 5482FF197E59B4CA97CCB1B4740A2949 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:31:18.0500 2016 ACPI - ok
10:31:18.0546 2016 [ 582C901174A7F0733C6FE41C37C9A80B ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:31:18.0546 2016 ACPIEC - ok
10:31:18.0562 2016 adpu160m - ok
10:31:18.0625 2016 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:31:18.0671 2016 aec - ok
10:31:18.0734 2016 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:31:18.0750 2016 AFD - ok
10:31:18.0765 2016 Aha154x - ok
10:31:18.0781 2016 aic78u2 - ok
10:31:18.0796 2016 aic78xx - ok
10:31:18.0828 2016 [ 30A9D14627F79DA00907FD78472F2A2E ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:31:18.0828 2016 Alerter - ok
10:31:18.0875 2016 [ 2AC9E97D0E32250098EFC9AC937CA097 ] ALG C:\WINDOWS\System32\alg.exe
10:31:18.0875 2016 ALG - ok
10:31:18.0890 2016 AliIde - ok
10:31:18.0906 2016 amsint - ok
10:31:18.0921 2016 AppMgmt - ok
10:31:19.0015 2016 [ 7D53E5646BA23FD51296F7EF8979A000 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
10:31:19.0062 2016 AR5416 - ok
10:31:19.0078 2016 asc - ok
10:31:19.0078 2016 asc3350p - ok
10:31:19.0093 2016 asc3550 - ok
10:31:19.0218 2016 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:31:19.0234 2016 aspnet_state - ok
10:31:19.0265 2016 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:31:19.0265 2016 AsyncMac - ok
10:31:19.0312 2016 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:31:19.0328 2016 atapi - ok
10:31:19.0328 2016 Atdisk - ok
10:31:19.0375 2016 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:31:19.0375 2016 Atmarpc - ok
10:31:19.0421 2016 [ 8C5F1FBD05F9ACCB319234F52ABD58A6 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:31:19.0421 2016 AudioSrv - ok
10:31:19.0484 2016 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:31:19.0484 2016 audstub - ok
10:31:19.0531 2016 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:31:19.0531 2016 Beep - ok
10:31:19.0609 2016 [ 15C6AF3ABC00614E6D0031A9C0C4650D ] BITS C:\WINDOWS\system32\qmgr.dll
10:31:19.0656 2016 BITS - ok
10:31:19.0718 2016 [ CC0DEA82AC95B75FE5A2981DF9B27E52 ] Browser C:\WINDOWS\System32\browser.dll
10:31:19.0718 2016 Browser - ok
10:31:19.0765 2016 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
10:31:19.0765 2016 BrScnUsb - ok
10:31:19.0812 2016 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:31:19.0812 2016 BthEnum - ok
10:31:19.0828 2016 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:31:19.0828 2016 BthPan - ok
10:31:19.0875 2016 [ 3EFFD361BA52380246B7A073F73AEC1F ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
10:31:19.0890 2016 BTHPORT - ok
10:31:19.0953 2016 [ 3C5503F3FD99640872CCA0DB0133B86A ] BthServ C:\WINDOWS\System32\bthserv.dll
10:31:19.0953 2016 BthServ - ok
10:31:19.0968 2016 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:31:19.0968 2016 BTHUSB - ok
10:31:20.0125 2016 catchme - ok
10:31:20.0156 2016 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:31:20.0156 2016 cbidf2k - ok
10:31:20.0187 2016 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:31:20.0187 2016 CCDECODE - ok
10:31:20.0203 2016 cd20xrnt - ok
10:31:20.0250 2016 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:31:20.0250 2016 Cdaudio - ok
10:31:20.0281 2016 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:31:20.0296 2016 Cdfs - ok
10:31:20.0312 2016 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:31:20.0312 2016 Cdrom - ok
10:31:20.0328 2016 Changer - ok
10:31:20.0359 2016 [ 02F5DEACF251E36FD49CF7988FF13A51 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:31:20.0359 2016 CiSvc - ok
10:31:20.0406 2016 [ B2E62EC6450E0ECE720D3FEF32FCF10C ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:31:20.0406 2016 ClipSrv - ok
10:31:20.0468 2016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:31:20.0578 2016 clr_optimization_v2.0.50727_32 - ok
10:31:20.0625 2016 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:31:20.0625 2016 CmBatt - ok
10:31:20.0640 2016 CmdIde - ok
10:31:20.0671 2016 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:31:20.0671 2016 Compbatt - ok
10:31:20.0687 2016 COMSysApp - ok
10:31:20.0718 2016 Cpqarray - ok
10:31:20.0765 2016 [ 13CB7FC794D005D60712FDD9F1362235 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:31:20.0765 2016 CryptSvc - ok
10:31:20.0781 2016 dac2w2k - ok
10:31:20.0796 2016 dac960nt - ok
10:31:20.0875 2016 [ 293D96B9A523C8D3A5F3EE448405388E ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:31:20.0890 2016 DcomLaunch - ok
10:31:20.0953 2016 [ 88A08B697755D99FFCF229E3E773B21E ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:31:20.0968 2016 Dhcp - ok
10:31:20.0984 2016 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:31:21.0000 2016 Disk - ok
10:31:21.0015 2016 dmadmin - ok
10:31:21.0078 2016 [ AE717BE311722CEEBD9A27B57757A123 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:31:21.0109 2016 dmboot - ok
10:31:21.0140 2016 [ 66B7462AD4844052D4A6CBEA3AA486A0 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:31:21.0156 2016 dmio - ok
10:31:21.0171 2016 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:31:21.0171 2016 dmload - ok
10:31:21.0218 2016 [ EB86919019E3A7FCE1DED4F89EB32E54 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:31:21.0218 2016 dmserver - ok
10:31:21.0250 2016 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:31:21.0250 2016 DMusic - ok
10:31:21.0328 2016 [ 8CB9214B148FD7B66D524609FD8C7CF5 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:31:21.0328 2016 Dnscache - ok
10:31:21.0375 2016 [ CDED26AA86A41D839CF00E96614C3B9F ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:31:21.0390 2016 Dot3svc - ok
10:31:21.0390 2016 dpti2o - ok
10:31:21.0437 2016 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:31:21.0437 2016 drmkaud - ok
10:31:21.0500 2016 [ D5E22253A2B7329A93631282FD336615 ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:31:21.0500 2016 EapHost - ok
10:31:21.0531 2016 [ BF7E7D1F855ED30A0D754B72C2304123 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:31:21.0531 2016 ERSvc - ok
10:31:21.0593 2016 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] Eventlog C:\WINDOWS\system32\services.exe
10:31:21.0609 2016 Eventlog - ok
10:31:21.0625 2016 [ A881F33B3188F5A38AA19043663E2F32 ] EventSystem C:\WINDOWS\system32\es.dll
10:31:21.0640 2016 EventSystem - ok
10:31:21.0703 2016 [ 9032405F762F1AFA92DFEF99CB078306 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
10:31:21.0703 2016 ewusbnet - ok
10:31:21.0750 2016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:31:21.0765 2016 Fastfat - ok
10:31:21.0828 2016 [ A98A7711F918B415F4BA0880F5B537EF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:31:21.0828 2016 FastUserSwitchingCompatibility - ok
10:31:21.0875 2016 [ 7EF8ADDF0841FDE48E3D216A3D060000 ] Fax C:\WINDOWS\system32\fxssvc.exe
10:31:21.0890 2016 Fax - ok
10:31:21.0906 2016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:31:21.0921 2016 Fdc - ok
10:31:21.0937 2016 [ 0986FCA8FD7A56D9F1628FE6EF321090 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:31:21.0937 2016 Fips - ok
10:31:21.0968 2016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:31:21.0984 2016 Flpydisk - ok
10:31:22.0000 2016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:31:22.0000 2016 FltMgr - ok
10:31:22.0062 2016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:31:22.0078 2016 FontCache3.0.0.0 - ok
10:31:22.0078 2016 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:31:22.0093 2016 Fs_Rec - ok
10:31:22.0109 2016 [ 44225407F69666099C4D4C6BC9CD804D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:31:22.0109 2016 Ftdisk - ok
10:31:22.0156 2016 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:31:22.0156 2016 Gpc - ok
10:31:22.0312 2016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:31:22.0328 2016 gupdate - ok
10:31:22.0328 2016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:31:22.0343 2016 gupdatem - ok
10:31:22.0375 2016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:31:22.0375 2016 HDAudBus - ok
10:31:22.0437 2016 [ 744A3119989A6B2930CDF66A759D65CD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:31:22.0437 2016 helpsvc - ok
10:31:22.0484 2016 [ 44CC4AAAF73D16AAC6D30C3798D0C219 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:31:22.0484 2016 HidServ - ok
10:31:22.0515 2016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:31:22.0515 2016 HidUsb - ok
10:31:22.0562 2016 [ 1322F13BBC291ADC31B5DCA438747175 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:31:22.0562 2016 hkmsvc - ok
10:31:22.0578 2016 hpn - ok
10:31:22.0640 2016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:31:22.0656 2016 HTTP - ok
10:31:22.0703 2016 [ 08B50881BAFB64EA335D33C365E5C66D ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:31:22.0718 2016 HTTPFilter - ok
10:31:22.0765 2016 [ 60AEC3F4EC355D9F46D545A0FA08CE87 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:31:22.0765 2016 hwdatacard - ok
10:31:22.0812 2016 [ B93D3C81EF1D372DC5BD5E6275362E1A ] hwusbfake C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
10:31:22.0812 2016 hwusbfake - ok
10:31:22.0828 2016 i2omgmt - ok
10:31:22.0843 2016 i2omp - ok
10:31:22.0906 2016 [ D7947ECF17544CED478BD969939DB349 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:31:22.0906 2016 i8042prt - ok
10:31:23.0218 2016 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:31:23.0500 2016 ialm - ok
10:31:23.0671 2016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:31:23.0703 2016 idsvc - ok
10:31:23.0750 2016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:31:23.0750 2016 Imapi - ok
10:31:23.0796 2016 [ 82911FEAED2529008424DA1D51A6651B ] ImapiService C:\WINDOWS\system32\imapi.exe
10:31:23.0796 2016 ImapiService - ok
10:31:23.0828 2016 ini910u - ok
10:31:24.0109 2016 [ 47C79F7E330CBB829934D00F64D55FC9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:31:24.0203 2016 IntcAzAudAddService - ok
10:31:24.0218 2016 [ 6E91FDD73F250BBCFEBBA34A0F8C8F69 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:31:24.0218 2016 IntelIde - ok
10:31:24.0250 2016 [ 5182797825B78FABA84F7A82603E212D ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:31:24.0250 2016 intelppm - ok
10:31:24.0296 2016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:31:24.0296 2016 Ip6Fw - ok
10:31:24.0296 2016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:31:24.0296 2016 IpFilterDriver - ok
10:31:24.0312 2016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:31:24.0312 2016 IpInIp - ok
10:31:24.0359 2016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:31:24.0359 2016 IpNat - ok
10:31:24.0375 2016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:31:24.0375 2016 IPSec - ok
10:31:24.0421 2016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:31:24.0421 2016 IRENUM - ok
10:31:24.0437 2016 [ 3685529CAA2B14C9632E85E265BA293B ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:31:24.0437 2016 isapnp - ok
10:31:24.0453 2016 [ 51D3342D1A0C19605095405352BB009B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:31:24.0453 2016 Kbdclass - ok
10:31:24.0484 2016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:31:24.0500 2016 kmixer - ok
10:31:24.0531 2016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:31:24.0531 2016 KSecDD - ok
10:31:24.0562 2016 [ DFC9B89703A8A9E6B62748071C4018A7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
10:31:24.0578 2016 LanmanServer - ok
10:31:24.0640 2016 [ 41FED582870A61667E3A4724049EAB4F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:31:24.0640 2016 lanmanworkstation - ok
10:31:24.0640 2016 lbrtfdc - ok
10:31:24.0703 2016 [ 5B56B702C586E0ECAB3F73D3A8B804F4 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:31:24.0718 2016 LmHosts - ok
10:31:24.0765 2016 [ 05C44A00BC1F84AC9B959E0389B9F7F1 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:31:24.0765 2016 Messenger - ok
10:31:24.0812 2016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:31:24.0812 2016 mnmdd - ok
10:31:24.0859 2016 [ EB005CB40470CE2980AFFED53FE0C84F ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:31:24.0859 2016 mnmsrvc - ok
10:31:24.0890 2016 [ 226B93EB15B1C819FA021A5167C5809D ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:31:24.0890 2016 Modem - ok
10:31:24.0937 2016 [ 705CAC1902DCD3E3181A199D7AD40D13 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:31:24.0937 2016 Mouclass - ok
10:31:24.0984 2016 [ 6A79CB27D0E608A45638CD9468269A3E ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:31:24.0984 2016 mouhid - ok
10:31:25.0031 2016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:31:25.0031 2016 MountMgr - ok
10:31:25.0078 2016 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:31:25.0078 2016 MpFilter - ok
10:31:25.0093 2016 mraid35x - ok
10:31:25.0140 2016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:31:25.0156 2016 MRxDAV - ok
10:31:25.0218 2016 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:31:25.0234 2016 MRxSmb - ok
10:31:25.0281 2016 [ 95468A97BB0CABCA3BAA14D2F25ADF58 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:31:25.0296 2016 MSDTC - ok
10:31:25.0312 2016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:31:25.0312 2016 Msfs - ok
10:31:25.0328 2016 MSIServer - ok
10:31:25.0359 2016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:31:25.0359 2016 MSKSSRV - ok
10:31:25.0437 2016 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:31:25.0437 2016 MsMpSvc - ok
10:31:25.0484 2016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:31:25.0484 2016 MSPCLOCK - ok
10:31:25.0500 2016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:31:25.0500 2016 MSPQM - ok
10:31:25.0546 2016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:31:25.0546 2016 mssmbios - ok
10:31:25.0578 2016 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:31:25.0593 2016 MSTEE - ok
10:31:25.0640 2016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:31:25.0640 2016 Mup - ok
10:31:25.0671 2016 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:31:25.0687 2016 NABTSFEC - ok
10:31:25.0734 2016 [ BA626DD0478F59E6D841B5BA136F7851 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:31:25.0750 2016 napagent - ok
10:31:25.0796 2016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:31:25.0796 2016 NDIS - ok
10:31:25.0843 2016 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:31:25.0843 2016 NdisIP - ok
10:31:25.0890 2016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:31:25.0890 2016 NdisTapi - ok
10:31:25.0921 2016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:31:25.0921 2016 Ndisuio - ok
10:31:25.0953 2016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:31:25.0968 2016 NdisWan - ok
10:31:26.0000 2016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:31:26.0015 2016 NDProxy - ok
10:31:26.0031 2016 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:31:26.0046 2016 NetBIOS - ok
10:31:26.0078 2016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:31:26.0078 2016 NetBT - ok
10:31:26.0140 2016 [ 760DCA57A43EE12A544D3C4C172944F1 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:31:26.0156 2016 NetDDE - ok
10:31:26.0171 2016 [ 760DCA57A43EE12A544D3C4C172944F1 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:31:26.0171 2016 NetDDEdsdm - ok
10:31:26.0234 2016 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] Netlogon C:\WINDOWS\system32\lsass.exe
10:31:26.0234 2016 Netlogon - ok
10:31:26.0265 2016 [ B27FCDC1175C84CCCEC8A543B9A2099A ] Netman C:\WINDOWS\System32\netman.dll
10:31:26.0281 2016 Netman - ok
10:31:26.0328 2016 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:31:26.0328 2016 NetTcpPortSharing - ok
10:31:26.0390 2016 [ 47E4D2E0100CE5D59A2C0DAA1E174177 ] Nla C:\WINDOWS\System32\mswsock.dll
10:31:26.0406 2016 Nla - ok
10:31:26.0468 2016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:31:26.0468 2016 Npfs - ok
10:31:26.0531 2016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:31:26.0562 2016 Ntfs - ok
10:31:26.0578 2016 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:31:26.0578 2016 NtLmSsp - ok
10:31:26.0640 2016 [ 7BCAB6A25F1DCAB6057B94AFD308703D ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:31:26.0656 2016 NtmsSvc - ok
10:31:26.0703 2016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:31:26.0703 2016 Null - ok
10:31:26.0718 2016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:31:26.0734 2016 NwlnkFlt - ok
10:31:26.0750 2016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:31:26.0750 2016 NwlnkFwd - ok
10:31:26.0781 2016 [ 632F154061074A9A1B75ECBBA89D8D42 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:31:26.0796 2016 Parport - ok
10:31:26.0812 2016 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:31:26.0812 2016 PartMgr - ok
10:31:26.0843 2016 [ 4DF92A889E7FE15ED3834D288A0271F5 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:31:26.0843 2016 ParVdm - ok
10:31:26.0859 2016 [ B4A9C91CFDD5C68E2E48C0754E3A88F9 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:31:26.0859 2016 PCI - ok
10:31:26.0875 2016 PCIDump - ok
10:31:26.0890 2016 [ FBF3CC42488FD2CE49F9427240CD5809 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:31:26.0890 2016 PCIIde - ok
10:31:26.0921 2016 [ 3DEFB381B9CDCA9D4375BD37A3C0189B ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:31:26.0937 2016 Pcmcia - ok
10:31:26.0953 2016 PDCOMP - ok
10:31:26.0953 2016 PDFRAME - ok
10:31:26.0968 2016 PDRELI - ok
10:31:26.0984 2016 PDRFRAME - ok
10:31:27.0000 2016 perc2 - ok
10:31:27.0015 2016 perc2hib - ok
10:31:27.0093 2016 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] PlugPlay C:\WINDOWS\system32\services.exe
10:31:27.0093 2016 PlugPlay - ok
10:31:27.0109 2016 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:31:27.0125 2016 PolicyAgent - ok
10:31:27.0187 2016 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:31:27.0187 2016 PptpMiniport - ok
10:31:27.0187 2016 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:31:27.0203 2016 ProtectedStorage - ok
10:31:27.0203 2016 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:31:27.0218 2016 PSched - ok
10:31:27.0218 2016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:31:27.0218 2016 Ptilink - ok
10:31:27.0234 2016 ql1080 - ok
10:31:27.0234 2016 Ql10wnt - ok
10:31:27.0250 2016 ql12160 - ok
10:31:27.0265 2016 ql1240 - ok
10:31:27.0265 2016 ql1280 - ok
10:31:27.0296 2016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:31:27.0296 2016 RasAcd - ok
10:31:27.0359 2016 [ 99056DEDCECD84C97199DF04B0C2A06C ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:31:27.0359 2016 RasAuto - ok
10:31:27.0406 2016 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:31:27.0406 2016 Rasl2tp - ok
10:31:27.0453 2016 [ 06BDE13F36B12B0732160815D4DEE293 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:31:27.0468 2016 RasMan - ok
10:31:27.0468 2016 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:31:27.0484 2016 RasPppoe - ok
10:31:27.0484 2016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:31:27.0484 2016 Raspti - ok
10:31:27.0515 2016 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:31:27.0531 2016 Rdbss - ok
10:31:27.0546 2016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:31:27.0546 2016 RDPCDD - ok
10:31:27.0609 2016 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:31:27.0625 2016 RDPWD - ok
10:31:27.0671 2016 [ 021ECF2D4CF03FF4F6F7FB55BCE980B7 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:31:27.0671 2016 RDSessMgr - ok
10:31:27.0718 2016 [ 3C706FD765482112C3A6D42E1D7B58BB ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:31:27.0718 2016 redbook - ok
10:31:27.0781 2016 [ 48330A8AF52D0FBFA8ED9B25AF882EB1 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:31:27.0796 2016 RemoteAccess - ok
10:31:27.0843 2016 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:31:27.0843 2016 RFCOMM - ok
10:31:27.0890 2016 [ A60D90C4E394F350D0FE26976839E10B ] RpcLocator C:\WINDOWS\system32\locator.exe
10:31:27.0890 2016 RpcLocator - ok
10:31:27.0937 2016 [ 293D96B9A523C8D3A5F3EE448405388E ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:31:27.0953 2016 RpcSs - ok
10:31:27.0968 2016 [ B1977A059FBCC68EB8A1752A3CF4CB31 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
10:31:27.0984 2016 RSUSBSTOR - ok
10:31:28.0031 2016 [ F11743652869182B2A0AD40EE16E914C ] RSVP C:\WINDOWS\system32\rsvp.exe
10:31:28.0046 2016 RSVP - ok
10:31:28.0062 2016 [ 7174F20AD9B7B7878A51ECCA03C499C2 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:31:28.0062 2016 RTLE8023xp - ok
10:31:28.0078 2016 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] SamSs C:\WINDOWS\system32\lsass.exe
10:31:28.0093 2016 SamSs - ok
10:31:28.0125 2016 [ 47A1586F642C33B2300D8AC9822EC5E6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:31:28.0125 2016 SCardSvr - ok
10:31:28.0171 2016 [ 2E1B2DF1ABE710E2928AE095A2416CA2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:31:28.0171 2016 Schedule - ok
10:31:28.0234 2016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:31:28.0234 2016 Secdrv - ok
10:31:28.0265 2016 [ D437DE698F9301BAF0FC451A4FEA79EB ] seclogon C:\WINDOWS\System32\seclogon.dll
10:31:28.0265 2016 seclogon - ok
10:31:28.0296 2016 [ D92F5928E1C76FA421CD469CCD599855 ] SENS C:\WINDOWS\system32\sens.dll
10:31:28.0296 2016 SENS - ok
10:31:28.0312 2016 [ 87DF40B4DB611EFBDF74C9B3ECCAB417 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:31:28.0312 2016 Serial - ok
10:31:28.0343 2016 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:31:28.0343 2016 Sfloppy - ok
10:31:28.0406 2016 [ 0D9AF293975F4565A53DB8876E0304CD ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:31:28.0421 2016 SharedAccess - ok
10:31:28.0453 2016 [ A98A7711F918B415F4BA0880F5B537EF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:31:28.0468 2016 ShellHWDetection - ok
10:31:28.0468 2016 Simbad - ok
10:31:28.0578 2016 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:31:28.0593 2016 SkypeUpdate - ok
10:31:28.0625 2016 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:31:28.0625 2016 SLIP - ok
10:31:28.0640 2016 Sparrow - ok
10:31:28.0671 2016 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:31:28.0687 2016 splitter - ok
10:31:28.0718 2016 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:31:28.0734 2016 Spooler - ok
10:31:28.0781 2016 [ 38E904FB6139945822B929EAF2570CA5 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:31:28.0796 2016 sr - ok
10:31:28.0843 2016 [ 58B62B642DEB5D9BC712269BF33073FA ] srservice C:\WINDOWS\system32\srsvc.dll
10:31:28.0859 2016 srservice - ok
10:31:28.0921 2016 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:31:28.0937 2016 Srv - ok
10:31:28.0968 2016 [ 05EF84F349B5718ACFC7F166C9ED8349 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:31:28.0968 2016 SSDPSRV - ok
10:31:29.0062 2016 [ 68DD74D33B4B0EC3221024BF17649404 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:31:29.0062 2016 stisvc - ok
10:31:29.0109 2016 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:31:29.0109 2016 streamip - ok
10:31:29.0125 2016 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:31:29.0125 2016 swenum - ok
10:31:29.0156 2016 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:31:29.0156 2016 swmidi - ok
10:31:29.0171 2016 SwPrv - ok
10:31:29.0171 2016 symc810 - ok
10:31:29.0187 2016 symc8xx - ok
10:31:29.0187 2016 sym_hi - ok
10:31:29.0203 2016 sym_u3 - ok
10:31:29.0234 2016 [ 0B52CBE6998E2E2CAA1D404D1A1D30DE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:31:29.0234 2016 SynTP - ok
10:31:29.0265 2016 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:31:29.0265 2016 sysaudio - ok
10:31:29.0312 2016 [ 5C95E044E50EE133A1F9CD7A20C642ED ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:31:29.0312 2016 SysmonLog - ok
10:31:29.0375 2016 [ DC7489BBF629FA7E8EB1BE6A96EC5366 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:31:29.0390 2016 TapiSrv - ok
10:31:29.0484 2016 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:31:29.0500 2016 Tcpip - ok
10:31:29.0531 2016 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:31:29.0531 2016 TDPIPE - ok
10:31:29.0562 2016 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:31:29.0562 2016 TDTCP - ok
10:31:29.0593 2016 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:31:29.0593 2016 TermDD - ok
10:31:29.0671 2016 [ 9BA79E5A12285E988FE65D26643B2930 ] TermService C:\WINDOWS\System32\termsrv.dll
10:31:29.0671 2016 TermService - ok
10:31:29.0718 2016 [ A98A7711F918B415F4BA0880F5B537EF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:31:29.0718 2016 Themes - ok
10:31:29.0734 2016 TosIde - ok
10:31:29.0750 2016 [ 95D39C8DAB384C298A0FCAE9D11E70CD ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:31:29.0750 2016 TrkWks - ok
10:31:29.0796 2016 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:31:29.0796 2016 Udfs - ok
10:31:29.0812 2016 ultra - ok
10:31:29.0859 2016 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:31:29.0875 2016 Update - ok
10:31:29.0921 2016 [ 720F67B91A60BAA415BC42FB5502A6B1 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:31:29.0921 2016 upnphost - ok
10:31:29.0953 2016 [ 29677A815EDAEA1AFDDCB0706C5252D2 ] UPS C:\WINDOWS\System32\ups.exe
10:31:29.0953 2016 UPS - ok
10:31:30.0015 2016 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:31:30.0015 2016 usbccgp - ok
10:31:30.0031 2016 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:31:30.0031 2016 usbehci - ok
10:31:30.0046 2016 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:31:30.0046 2016 usbhub - ok
10:31:30.0109 2016 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:31:30.0109 2016 usbprint - ok
10:31:30.0140 2016 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:31:30.0156 2016 usbscan - ok
10:31:30.0187 2016 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:31:30.0187 2016 usbstor - ok
10:31:30.0218 2016 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:31:30.0218 2016 usbuhci - ok
10:31:30.0234 2016 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
10:31:30.0234 2016 usbvideo - ok
10:31:30.0250 2016 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:31:30.0250 2016 VgaSave - ok
10:31:30.0265 2016 ViaIde - ok
10:31:30.0375 2016 [ 60C4B117ED03861379B2EE54EBFC8581 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
10:31:30.0375 2016 VMCService - ok
10:31:30.0406 2016 [ 9946CFCC7E445E1D846DB748299724EB ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:31:30.0406 2016 VolSnap - ok
10:31:30.0468 2016 [ 0E732B7FEBD8E568C299F7B7844A58D2 ] VSS C:\WINDOWS\System32\vssvc.exe
10:31:30.0468 2016 VSS - ok
10:31:30.0500 2016 [ 0064029A603FCAAE6FE923A36BE93D86 ] W32Time C:\WINDOWS\system32\w32time.dll
10:31:30.0515 2016 W32Time - ok
10:31:30.0609 2016 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files\Wajam\Updater\WajamUpdater.exe
10:31:30.0609 2016 WajamUpdater - ok
10:31:30.0671 2016 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:31:30.0671 2016 Wanarp - ok
10:31:30.0687 2016 WDICA - ok
10:31:30.0718 2016 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:31:30.0718 2016 wdmaud - ok
10:31:30.0734 2016 [ FF0BFDF40334A24D5C3334004966B505 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:31:30.0750 2016 WebClient - ok
10:31:30.0812 2016 [ 819C68FF6C4C63886D636FFB2DABF5EF ] WINIO C:\WINDOWS\system32\WinIo.sys
10:31:30.0812 2016 WINIO - ok
10:31:30.0906 2016 [ C0434C31A059EB92FF378DF3E60B9967 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:31:30.0921 2016 winmgmt - ok
10:31:30.0984 2016 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:31:30.0984 2016 WmdmPmSN - ok
10:31:31.0031 2016 [ 74A8863A5D168AF325FE7744359374C6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:31:31.0031 2016 WmiApSrv - ok
10:31:31.0156 2016 [ EFD0218C157DBFC71CF88DF8FF6ED100 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:31:31.0187 2016 WMPNetworkSvc - ok
10:31:31.0218 2016 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:31:31.0234 2016 WS2IFSL - ok
10:31:31.0281 2016 [ BC50F125804F7E5E2CCBCB2E008C57CE ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:31:31.0281 2016 wscsvc - ok
10:31:31.0296 2016 WSearch - ok
10:31:31.0312 2016 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:31:31.0312 2016 WSTCODEC - ok
10:31:31.0328 2016 [ 92F33CF2ED203160B68C16C51074D531 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:31:31.0328 2016 wuauserv - ok
10:31:31.0359 2016 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:31:31.0375 2016 WudfPf - ok
10:31:31.0390 2016 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:31:31.0390 2016 WudfRd - ok
10:31:31.0421 2016 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:31:31.0421 2016 WudfSvc - ok
10:31:31.0500 2016 [ 2158A38F056E1C10DC7FB4277C8E6DAB ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:31:31.0515 2016 WZCSVC - ok
10:31:31.0546 2016 [ D14BDA868A9D712EE9C0DA009031B1D6 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:31:31.0562 2016 xmlprov - ok
10:31:31.0593 2016 ================ Scan global ===============================
10:31:31.0640 2016 [ 44F685AF7F4EDED2277C9E398B55F2BB ] C:\WINDOWS\system32\basesrv.dll
10:31:31.0687 2016 [ 9F7C9E3C2E25137A0D2ED51FBE18B239 ] C:\WINDOWS\system32\winsrv.dll
10:31:31.0718 2016 [ 9F7C9E3C2E25137A0D2ED51FBE18B239 ] C:\WINDOWS\system32\winsrv.dll
10:31:31.0734 2016 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] C:\WINDOWS\system32\services.exe
10:31:31.0734 2016 [Global] - ok
10:31:31.0734 2016 ================ Scan MBR ==================================
10:31:31.0765 2016 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:31:32.0015 2016 \Device\Harddisk0\DR0 - ok
10:31:32.0015 2016 ================ Scan VBR ==================================
10:31:32.0031 2016 [ F729256A4E820A0F5563171482AC6FF9 ] \Device\Harddisk0\DR0\Partition1
10:31:32.0031 2016 \Device\Harddisk0\DR0\Partition1 - ok
10:31:32.0031 2016 ============================================================
10:31:32.0031 2016 Scan finished
10:31:32.0031 2016 ============================================================
10:31:32.0046 2124 Detected object count: 0
10:31:32.0046 2124 Actual detected object count: 0
M.f.G.

Alex

markusg 27.02.2013 13:17
bitte anleitung noch mal prüfen, insbesondere die Bilder, tdss killer noch mal konfigurieren und nutzen.

comsutra 25.03.2013 13:05
Zitat:
12:54:57.0640 0232 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:54:57.0656 0232 ============================================================
12:54:57.0656 0232 Current date / time: 2013/03/25 12:54:57.0656
12:54:57.0656 0232 SystemInfo:
12:54:57.0656 0232
12:54:57.0656 0232 OS Version: 5.1.2600 ServicePack: 3.0
12:54:57.0656 0232 Product type: Workstation
12:54:57.0656 0232 ComputerName: MINI
12:54:57.0656 0232 UserName: barna
12:54:57.0656 0232 Windows directory: C:\WINDOWS
12:54:57.0656 0232 System windows directory: C:\WINDOWS
12:54:57.0656 0232 Processor architecture: Intel x86
12:54:57.0656 0232 Number of processors: 2
12:54:57.0656 0232 Page size: 0x1000
12:54:57.0656 0232 Boot type: Normal boot
12:54:57.0656 0232 ============================================================
12:54:59.0796 0232 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:54:59.0796 0232 Drive \Device\Harddisk1\DR2 - Size: 0xFA00000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:54:59.0796 0232 ============================================================
12:54:59.0796 0232 \Device\Harddisk0\DR0:
12:54:59.0796 0232 MBR partitions:
12:54:59.0796 0232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
12:54:59.0812 0232 \Device\Harddisk1\DR2:
12:54:59.0812 0232 MBR partitions:
12:54:59.0812 0232 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7CDE0
12:54:59.0812 0232 ============================================================
12:54:59.0843 0232 C: <-> \Device\Harddisk0\DR0\Partition1
12:54:59.0843 0232 ============================================================
12:54:59.0843 0232 Initialize success
12:54:59.0843 0232 ============================================================
12:56:22.0171 1100 ============================================================
12:56:22.0171 1100 Scan started
12:56:22.0171 1100 Mode: Manual; SigCheck; TDLFS;
12:56:22.0171 1100 ============================================================
12:56:22.0703 1100 ================ Scan system memory ========================
12:56:22.0718 1100 System memory - ok
12:56:22.0718 1100 ================ Scan services =============================
12:56:22.0906 1100 Abiosdsk - ok
12:56:22.0921 1100 abp480n5 - ok
12:56:22.0968 1100 [ 5482FF197E59B4CA97CCB1B4740A2949 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:24.0718 1100 ACPI - ok
12:56:24.0750 1100 [ 582C901174A7F0733C6FE41C37C9A80B ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:56:25.0015 1100 ACPIEC - ok
12:56:25.0015 1100 adpu160m - ok
12:56:25.0062 1100 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:56:25.0296 1100 aec - ok
12:56:25.0343 1100 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:56:25.0421 1100 AFD - ok
12:56:25.0421 1100 Aha154x - ok
12:56:25.0437 1100 aic78u2 - ok
12:56:25.0437 1100 aic78xx - ok
12:56:25.0500 1100 [ 30A9D14627F79DA00907FD78472F2A2E ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:56:25.0718 1100 Alerter - ok
12:56:25.0750 1100 [ 2AC9E97D0E32250098EFC9AC937CA097 ] ALG C:\WINDOWS\System32\alg.exe
12:56:25.0875 1100 ALG - ok
12:56:25.0875 1100 AliIde - ok
12:56:25.0890 1100 amsint - ok
12:56:25.0906 1100 AppMgmt - ok
12:56:26.0015 1100 [ 7D53E5646BA23FD51296F7EF8979A000 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
12:56:26.0187 1100 AR5416 - ok
12:56:26.0187 1100 asc - ok
12:56:26.0203 1100 asc3350p - ok
12:56:26.0203 1100 asc3550 - ok
12:56:26.0328 1100 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:56:26.0375 1100 aspnet_state - ok
12:56:26.0390 1100 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:56:26.0593 1100 AsyncMac - ok
12:56:26.0625 1100 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:56:26.0828 1100 atapi - ok
12:56:26.0843 1100 Atdisk - ok
12:56:26.0875 1100 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:56:27.0109 1100 Atmarpc - ok
12:56:27.0156 1100 [ 8C5F1FBD05F9ACCB319234F52ABD58A6 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:56:27.0359 1100 AudioSrv - ok
12:56:27.0390 1100 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:56:27.0593 1100 audstub - ok
12:56:27.0625 1100 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:56:27.0859 1100 Beep - ok
12:56:27.0906 1100 [ 15C6AF3ABC00614E6D0031A9C0C4650D ] BITS C:\WINDOWS\system32\qmgr.dll
12:56:28.0171 1100 BITS - ok
12:56:28.0218 1100 [ CC0DEA82AC95B75FE5A2981DF9B27E52 ] Browser C:\WINDOWS\System32\browser.dll
12:56:28.0312 1100 Browser - ok
12:56:28.0343 1100 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
12:56:28.0390 1100 BrScnUsb - ok
12:56:28.0421 1100 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:56:28.0671 1100 BthEnum - ok
12:56:28.0734 1100 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:56:28.0968 1100 BthPan - ok
12:56:29.0015 1100 [ 3EFFD361BA52380246B7A073F73AEC1F ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:56:29.0125 1100 BTHPORT - ok
12:56:29.0171 1100 [ 3C5503F3FD99640872CCA0DB0133B86A ] BthServ C:\WINDOWS\System32\bthserv.dll
12:56:29.0406 1100 BthServ - ok
12:56:29.0421 1100 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:56:29.0625 1100 BTHUSB - ok
12:56:29.0765 1100 catchme - ok
12:56:29.0796 1100 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:56:30.0015 1100 cbidf2k - ok
12:56:30.0046 1100 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:56:30.0265 1100 CCDECODE - ok
12:56:30.0281 1100 cd20xrnt - ok
12:56:30.0296 1100 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:56:30.0515 1100 Cdaudio - ok
12:56:30.0531 1100 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:56:30.0765 1100 Cdfs - ok
12:56:30.0796 1100 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:56:31.0031 1100 Cdrom - ok
12:56:31.0031 1100 Changer - ok
12:56:31.0078 1100 [ 02F5DEACF251E36FD49CF7988FF13A51 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:56:31.0281 1100 CiSvc - ok
12:56:31.0312 1100 [ B2E62EC6450E0ECE720D3FEF32FCF10C ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:56:31.0531 1100 ClipSrv - ok
12:56:31.0578 1100 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:56:31.0718 1100 clr_optimization_v2.0.50727_32 - ok
12:56:31.0750 1100 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:56:31.0984 1100 CmBatt - ok
12:56:32.0000 1100 CmdIde - ok
12:56:32.0031 1100 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:56:32.0296 1100 Compbatt - ok
12:56:32.0296 1100 COMSysApp - ok
12:56:32.0312 1100 Cpqarray - ok
12:56:32.0375 1100 [ 13CB7FC794D005D60712FDD9F1362235 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:56:32.0593 1100 CryptSvc - ok
12:56:32.0593 1100 dac2w2k - ok
12:56:32.0609 1100 dac960nt - ok
12:56:32.0671 1100 [ 293D96B9A523C8D3A5F3EE448405388E ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:56:32.0781 1100 DcomLaunch - ok
12:56:32.0812 1100 [ 88A08B697755D99FFCF229E3E773B21E ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:56:33.0046 1100 Dhcp - ok
12:56:33.0078 1100 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:56:33.0328 1100 Disk - ok
12:56:33.0343 1100 dmadmin - ok
12:56:33.0390 1100 [ AE717BE311722CEEBD9A27B57757A123 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:56:33.0671 1100 dmboot - ok
12:56:33.0703 1100 [ 66B7462AD4844052D4A6CBEA3AA486A0 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:56:33.0921 1100 dmio - ok
12:56:33.0953 1100 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:56:34.0171 1100 dmload - ok
12:56:34.0203 1100 [ EB86919019E3A7FCE1DED4F89EB32E54 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:56:34.0421 1100 dmserver - ok
12:56:34.0468 1100 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:56:34.0671 1100 DMusic - ok
12:56:34.0734 1100 [ 8CB9214B148FD7B66D524609FD8C7CF5 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:56:34.0890 1100 Dnscache - ok
12:56:34.0937 1100 [ CDED26AA86A41D839CF00E96614C3B9F ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:56:35.0171 1100 Dot3svc - ok
12:56:35.0171 1100 dpti2o - ok
12:56:35.0203 1100 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:56:35.0437 1100 drmkaud - ok
12:56:35.0468 1100 [ D5E22253A2B7329A93631282FD336615 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:56:35.0703 1100 EapHost - ok
12:56:35.0734 1100 [ BF7E7D1F855ED30A0D754B72C2304123 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:56:35.0937 1100 ERSvc - ok
12:56:36.0000 1100 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] Eventlog C:\WINDOWS\system32\services.exe
12:56:36.0031 1100 Eventlog - ok
12:56:36.0046 1100 [ A881F33B3188F5A38AA19043663E2F32 ] EventSystem C:\WINDOWS\system32\es.dll
12:56:36.0140 1100 EventSystem - ok
12:56:36.0187 1100 [ 9032405F762F1AFA92DFEF99CB078306 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
12:56:36.0265 1100 ewusbnet - ok
12:56:36.0343 1100 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:56:36.0546 1100 Fastfat - ok
12:56:36.0609 1100 [ A98A7711F918B415F4BA0880F5B537EF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:56:36.0718 1100 FastUserSwitchingCompatibility - ok
12:56:36.0796 1100 [ 7EF8ADDF0841FDE48E3D216A3D060000 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:56:37.0031 1100 Fax - ok
12:56:37.0062 1100 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:56:37.0359 1100 Fdc - ok
12:56:37.0390 1100 [ 0986FCA8FD7A56D9F1628FE6EF321090 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:56:37.0609 1100 Fips - ok
12:56:37.0625 1100 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:56:37.0859 1100 Flpydisk - ok
12:56:37.0890 1100 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:56:38.0125 1100 FltMgr - ok
12:56:38.0187 1100 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:56:38.0218 1100 FontCache3.0.0.0 - ok
12:56:38.0234 1100 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:56:38.0453 1100 Fs_Rec - ok
12:56:38.0468 1100 [ 44225407F69666099C4D4C6BC9CD804D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:56:38.0671 1100 Ftdisk - ok
12:56:38.0703 1100 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:56:38.0937 1100 Gpc - ok
12:56:39.0093 1100 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:39.0171 1100 gupdate - ok
12:56:39.0187 1100 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:39.0218 1100 gupdatem - ok
12:56:39.0234 1100 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:56:39.0468 1100 HDAudBus - ok
12:56:39.0531 1100 [ 744A3119989A6B2930CDF66A759D65CD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:56:39.0812 1100 helpsvc - ok
12:56:39.0843 1100 [ 44CC4AAAF73D16AAC6D30C3798D0C219 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:56:40.0062 1100 HidServ - ok
12:56:40.0078 1100 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:56:40.0312 1100 HidUsb - ok
12:56:40.0359 1100 [ 1322F13BBC291ADC31B5DCA438747175 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:56:40.0562 1100 hkmsvc - ok
12:56:40.0578 1100 hpn - ok
12:56:40.0625 1100 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:56:40.0703 1100 HTTP - ok
12:56:40.0765 1100 [ 08B50881BAFB64EA335D33C365E5C66D ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:56:41.0000 1100 HTTPFilter - ok
12:56:41.0046 1100 [ 60AEC3F4EC355D9F46D545A0FA08CE87 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
12:56:41.0125 1100 hwdatacard - ok
12:56:41.0171 1100 [ B93D3C81EF1D372DC5BD5E6275362E1A ] hwusbfake C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
12:56:41.0265 1100 hwusbfake - ok
12:56:41.0265 1100 i2omgmt - ok
12:56:41.0281 1100 i2omp - ok
12:56:41.0343 1100 [ D7947ECF17544CED478BD969939DB349 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:56:41.0656 1100 i8042prt - ok
12:56:41.0921 1100 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:56:42.0562 1100 ialm - ok
12:56:42.0750 1100 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:56:42.0890 1100 idsvc - ok
12:56:42.0937 1100 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:56:43.0250 1100 Imapi - ok
12:56:43.0281 1100 [ 82911FEAED2529008424DA1D51A6651B ] ImapiService C:\WINDOWS\system32\imapi.exe
12:56:43.0500 1100 ImapiService - ok
12:56:43.0515 1100 ini910u - ok
12:56:43.0765 1100 [ 47C79F7E330CBB829934D00F64D55FC9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:56:44.0109 1100 IntcAzAudAddService - ok
12:56:44.0156 1100 [ 6E91FDD73F250BBCFEBBA34A0F8C8F69 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:56:44.0484 1100 IntelIde - ok
12:56:44.0515 1100 [ 5182797825B78FABA84F7A82603E212D ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:56:44.0734 1100 intelppm - ok
12:56:44.0781 1100 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:56:45.0000 1100 Ip6Fw - ok
12:56:45.0015 1100 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:56:45.0234 1100 IpFilterDriver - ok
12:56:45.0250 1100 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:56:45.0468 1100 IpInIp - ok
12:56:45.0500 1100 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:56:45.0734 1100 IpNat - ok
12:56:45.0765 1100 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:56:46.0000 1100 IPSec - ok
12:56:46.0015 1100 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:56:46.0109 1100 IRENUM - ok
12:56:46.0140 1100 [ 3685529CAA2B14C9632E85E265BA293B ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:56:46.0343 1100 isapnp - ok
12:56:46.0375 1100 [ 51D3342D1A0C19605095405352BB009B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:56:46.0593 1100 Kbdclass - ok
12:56:46.0625 1100 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:56:46.0859 1100 kmixer - ok
12:56:46.0890 1100 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:56:47.0031 1100 KSecDD - ok
12:56:47.0078 1100 [ DFC9B89703A8A9E6B62748071C4018A7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:56:47.0171 1100 LanmanServer - ok
12:56:47.0234 1100 [ 41FED582870A61667E3A4724049EAB4F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:56:47.0312 1100 lanmanworkstation - ok
12:56:47.0312 1100 lbrtfdc - ok
12:56:47.0390 1100 [ 5B56B702C586E0ECAB3F73D3A8B804F4 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:56:47.0687 1100 LmHosts - ok
12:56:47.0734 1100 [ 05C44A00BC1F84AC9B959E0389B9F7F1 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:56:47.0937 1100 Messenger - ok
12:56:47.0968 1100 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:56:48.0187 1100 mnmdd - ok
12:56:48.0218 1100 [ EB005CB40470CE2980AFFED53FE0C84F ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:56:48.0453 1100 mnmsrvc - ok
12:56:48.0484 1100 [ 226B93EB15B1C819FA021A5167C5809D ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:56:48.0703 1100 Modem - ok
12:56:48.0734 1100 [ 705CAC1902DCD3E3181A199D7AD40D13 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:56:48.0968 1100 Mouclass - ok
12:56:49.0015 1100 [ 6A79CB27D0E608A45638CD9468269A3E ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:56:49.0250 1100 mouhid - ok
12:56:49.0265 1100 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:56:49.0515 1100 MountMgr - ok
12:56:49.0546 1100 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:56:49.0593 1100 MpFilter - ok
12:56:49.0593 1100 mraid35x - ok
12:56:49.0640 1100 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:56:49.0875 1100 MRxDAV - ok
12:56:49.0937 1100 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:56:50.0046 1100 MRxSmb - ok
12:56:50.0093 1100 [ 95468A97BB0CABCA3BAA14D2F25ADF58 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:56:50.0312 1100 MSDTC - ok
12:56:50.0328 1100 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:56:50.0578 1100 Msfs - ok
12:56:50.0593 1100 MSIServer - ok
12:56:50.0609 1100 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:56:50.0812 1100 MSKSSRV - ok
12:56:50.0906 1100 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:56:50.0937 1100 MsMpSvc - ok
12:56:50.0968 1100 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:56:51.0187 1100 MSPCLOCK - ok
12:56:51.0203 1100 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:56:51.0437 1100 MSPQM - ok
12:56:51.0484 1100 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:56:51.0718 1100 mssmbios - ok
12:56:51.0734 1100 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:56:51.0953 1100 MSTEE - ok
12:56:52.0000 1100 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:56:52.0046 1100 Mup - ok
12:56:52.0093 1100 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:56:52.0343 1100 NABTSFEC - ok
12:56:52.0390 1100 [ BA626DD0478F59E6D841B5BA136F7851 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:56:52.0640 1100 napagent - ok
12:56:52.0703 1100 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:56:52.0921 1100 NDIS - ok
12:56:52.0953 1100 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:56:53.0187 1100 NdisIP - ok
12:56:53.0234 1100 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:56:53.0328 1100 NdisTapi - ok
12:56:53.0359 1100 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:56:53.0593 1100 Ndisuio - ok
12:56:53.0609 1100 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:56:53.0843 1100 NdisWan - ok
12:56:53.0906 1100 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:56:54.0015 1100 NDProxy - ok
12:56:54.0031 1100 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:56:54.0281 1100 NetBIOS - ok
12:56:54.0312 1100 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:56:54.0578 1100 NetBT - ok
12:56:54.0656 1100 [ 760DCA57A43EE12A544D3C4C172944F1 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:56:54.0906 1100 NetDDE - ok
12:56:54.0921 1100 [ 760DCA57A43EE12A544D3C4C172944F1 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:56:55.0140 1100 NetDDEdsdm - ok
12:56:55.0203 1100 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] Netlogon C:\WINDOWS\system32\lsass.exe
12:56:55.0421 1100 Netlogon - ok
12:56:55.0453 1100 [ B27FCDC1175C84CCCEC8A543B9A2099A ] Netman C:\WINDOWS\System32\netman.dll
12:56:55.0703 1100 Netman - ok
12:56:55.0734 1100 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:56:55.0765 1100 NetTcpPortSharing - ok
12:56:55.0828 1100 [ 47E4D2E0100CE5D59A2C0DAA1E174177 ] Nla C:\WINDOWS\System32\mswsock.dll
12:56:55.0859 1100 Nla - ok
12:56:55.0921 1100 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:56:56.0140 1100 Npfs - ok
12:56:56.0203 1100 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:56:56.0453 1100 Ntfs - ok
12:56:56.0484 1100 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:56:56.0687 1100 NtLmSsp - ok
12:56:56.0765 1100 [ 7BCAB6A25F1DCAB6057B94AFD308703D ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:56:57.0015 1100 NtmsSvc - ok
12:56:57.0046 1100 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:56:57.0281 1100 Null - ok
12:56:57.0296 1100 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:56:57.0515 1100 NwlnkFlt - ok
12:56:57.0546 1100 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:56:57.0765 1100 NwlnkFwd - ok
12:56:57.0812 1100 [ 632F154061074A9A1B75ECBBA89D8D42 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:56:58.0031 1100 Parport - ok
12:56:58.0062 1100 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:56:58.0296 1100 PartMgr - ok
12:56:58.0328 1100 [ 4DF92A889E7FE15ED3834D288A0271F5 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:56:58.0531 1100 ParVdm - ok
12:56:58.0546 1100 [ B4A9C91CFDD5C68E2E48C0754E3A88F9 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:56:58.0765 1100 PCI - ok
12:56:58.0765 1100 PCIDump - ok
12:56:58.0781 1100 [ FBF3CC42488FD2CE49F9427240CD5809 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:56:58.0984 1100 PCIIde - ok
12:56:59.0046 1100 [ 3DEFB381B9CDCA9D4375BD37A3C0189B ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:56:59.0265 1100 Pcmcia - ok
12:56:59.0265 1100 PDCOMP - ok
12:56:59.0281 1100 PDFRAME - ok
12:56:59.0281 1100 PDRELI - ok
12:56:59.0296 1100 PDRFRAME - ok
12:56:59.0312 1100 perc2 - ok
12:56:59.0312 1100 perc2hib - ok
12:56:59.0359 1100 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] PlugPlay C:\WINDOWS\system32\services.exe
12:56:59.0406 1100 PlugPlay - ok
12:56:59.0453 1100 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:56:59.0656 1100 PolicyAgent - ok
12:56:59.0718 1100 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:56:59.0937 1100 PptpMiniport - ok
12:56:59.0953 1100 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:57:00.0156 1100 ProtectedStorage - ok
12:57:00.0171 1100 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:57:00.0375 1100 PSched - ok
12:57:00.0390 1100 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:57:00.0609 1100 Ptilink - ok
12:57:00.0609 1100 ql1080 - ok
12:57:00.0625 1100 Ql10wnt - ok
12:57:00.0625 1100 ql12160 - ok
12:57:00.0640 1100 ql1240 - ok
12:57:00.0656 1100 ql1280 - ok
12:57:00.0687 1100 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:57:00.0890 1100 RasAcd - ok
12:57:00.0953 1100 [ 99056DEDCECD84C97199DF04B0C2A06C ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:57:01.0171 1100 RasAuto - ok
12:57:01.0203 1100 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:57:01.0437 1100 Rasl2tp - ok
12:57:01.0484 1100 [ 06BDE13F36B12B0732160815D4DEE293 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:57:01.0687 1100 RasMan - ok
12:57:01.0703 1100 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:57:01.0921 1100 RasPppoe - ok
12:57:01.0937 1100 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:57:02.0171 1100 Raspti - ok
12:57:02.0218 1100 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:57:02.0453 1100 Rdbss - ok
12:57:02.0484 1100 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:57:02.0687 1100 RDPCDD - ok
12:57:02.0750 1100 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:57:02.0812 1100 RDPWD - ok
12:57:02.0859 1100 [ 021ECF2D4CF03FF4F6F7FB55BCE980B7 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:57:03.0078 1100 RDSessMgr - ok
12:57:03.0125 1100 [ 3C706FD765482112C3A6D42E1D7B58BB ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:57:03.0359 1100 redbook - ok
12:57:03.0421 1100 [ 48330A8AF52D0FBFA8ED9B25AF882EB1 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:57:03.0671 1100 RemoteAccess - ok
12:57:03.0718 1100 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:57:03.0953 1100 RFCOMM - ok
12:57:04.0000 1100 [ A60D90C4E394F350D0FE26976839E10B ] RpcLocator C:\WINDOWS\system32\locator.exe
12:57:04.0218 1100 RpcLocator - ok
12:57:04.0265 1100 [ 293D96B9A523C8D3A5F3EE448405388E ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:57:04.0312 1100 RpcSs - ok
12:57:04.0343 1100 [ B1977A059FBCC68EB8A1752A3CF4CB31 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
12:57:04.0421 1100 RSUSBSTOR - ok
12:57:04.0453 1100 [ F11743652869182B2A0AD40EE16E914C ] RSVP C:\WINDOWS\system32\rsvp.exe
12:57:04.0687 1100 RSVP - ok
12:57:04.0718 1100 [ 7174F20AD9B7B7878A51ECCA03C499C2 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:57:04.0812 1100 RTLE8023xp - ok
12:57:04.0843 1100 [ 21844F6DA13ECE4737D0B7524EDEB6EC ] SamSs C:\WINDOWS\system32\lsass.exe
12:57:05.0109 1100 SamSs - ok
12:57:05.0140 1100 [ 47A1586F642C33B2300D8AC9822EC5E6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:57:05.0375 1100 SCardSvr - ok
12:57:05.0421 1100 [ 2E1B2DF1ABE710E2928AE095A2416CA2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:57:05.0656 1100 Schedule - ok
12:57:05.0703 1100 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:57:05.0812 1100 Secdrv - ok
12:57:05.0859 1100 [ D437DE698F9301BAF0FC451A4FEA79EB ] seclogon C:\WINDOWS\System32\seclogon.dll
12:57:06.0093 1100 seclogon - ok
12:57:06.0125 1100 [ D92F5928E1C76FA421CD469CCD599855 ] SENS C:\WINDOWS\system32\sens.dll
12:57:06.0359 1100 SENS - ok
12:57:06.0390 1100 [ 87DF40B4DB611EFBDF74C9B3ECCAB417 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:57:06.0578 1100 Serial - ok
12:57:06.0609 1100 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:57:06.0859 1100 Sfloppy - ok
12:57:06.0906 1100 [ 0D9AF293975F4565A53DB8876E0304CD ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:57:07.0125 1100 SharedAccess - ok
12:57:07.0171 1100 [ A98A7711F918B415F4BA0880F5B537EF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:57:07.0218 1100 ShellHWDetection - ok
12:57:07.0218 1100 Simbad - ok
12:57:07.0328 1100 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:57:07.0359 1100 SkypeUpdate - ok
12:57:07.0390 1100 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:57:07.0609 1100 SLIP - ok
12:57:07.0625 1100 Sparrow - ok
12:57:07.0656 1100 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:57:07.0906 1100 splitter - ok
12:57:07.0968 1100 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:57:08.0000 1100 Spooler - ok
12:57:08.0031 1100 [ 38E904FB6139945822B929EAF2570CA5 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:57:08.0140 1100 sr - ok
12:57:08.0218 1100 [ 58B62B642DEB5D9BC712269BF33073FA ] srservice C:\WINDOWS\system32\srsvc.dll
12:57:08.0343 1100 srservice - ok
12:57:08.0406 1100 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:57:08.0515 1100 Srv - ok
12:57:08.0546 1100 [ 05EF84F349B5718ACFC7F166C9ED8349 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:57:08.0671 1100 SSDPSRV - ok
12:57:08.0765 1100 [ 68DD74D33B4B0EC3221024BF17649404 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:57:08.0984 1100 stisvc - ok
12:57:09.0015 1100 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:57:09.0234 1100 streamip - ok
12:57:09.0296 1100 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:57:09.0515 1100 swenum - ok
12:57:09.0546 1100 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:57:09.0781 1100 swmidi - ok
12:57:09.0781 1100 SwPrv - ok
12:57:09.0796 1100 symc810 - ok
12:57:09.0812 1100 symc8xx - ok
12:57:09.0812 1100 sym_hi - ok
12:57:09.0828 1100 sym_u3 - ok
12:57:09.0859 1100 [ 0B52CBE6998E2E2CAA1D404D1A1D30DE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:57:09.0937 1100 SynTP - ok
12:57:09.0984 1100 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:57:10.0187 1100 sysaudio - ok
12:57:10.0234 1100 [ 5C95E044E50EE133A1F9CD7A20C642ED ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:57:10.0468 1100 SysmonLog - ok
12:57:10.0531 1100 [ DC7489BBF629FA7E8EB1BE6A96EC5366 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:57:10.0796 1100 TapiSrv - ok
12:57:10.0859 1100 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:57:10.0906 1100 Tcpip - ok
12:57:10.0937 1100 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:57:11.0156 1100 TDPIPE - ok
12:57:11.0203 1100 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:57:11.0421 1100 TDTCP - ok
12:57:11.0437 1100 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:57:11.0671 1100 TermDD - ok
12:57:11.0718 1100 [ 9BA79E5A12285E988FE65D26643B2930 ] TermService C:\WINDOWS\System32\termsrv.dll
12:57:11.0953 1100 TermService - ok
12:57:11.0984 1100 [ A98A7711F918B415F4BA0880F5B537EF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:57:12.0015 1100 Themes - ok
12:57:12.0031 1100 TosIde - ok
12:57:12.0078 1100 [ 95D39C8DAB384C298A0FCAE9D11E70CD ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:57:12.0328 1100 TrkWks - ok
12:57:12.0390 1100 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:57:12.0593 1100 Udfs - ok
12:57:12.0609 1100 ultra - ok
12:57:12.0656 1100 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:57:12.0937 1100 Update - ok
12:57:12.0968 1100 [ 720F67B91A60BAA415BC42FB5502A6B1 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:57:13.0093 1100 upnphost - ok
12:57:13.0125 1100 [ 29677A815EDAEA1AFDDCB0706C5252D2 ] UPS C:\WINDOWS\System32\ups.exe
12:57:13.0343 1100 UPS - ok
12:57:13.0375 1100 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:57:13.0609 1100 usbccgp - ok
12:57:13.0640 1100 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:57:13.0843 1100 usbehci - ok
12:57:13.0859 1100 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:57:14.0093 1100 usbhub - ok
12:57:14.0140 1100 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:57:14.0359 1100 usbprint - ok
12:57:14.0406 1100 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:57:14.0609 1100 usbscan - ok
12:57:14.0640 1100 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:57:14.0859 1100 usbstor - ok
12:57:14.0890 1100 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:57:15.0109 1100 usbuhci - ok
12:57:15.0125 1100 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:57:15.0343 1100 usbvideo - ok
12:57:15.0375 1100 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:57:15.0593 1100 VgaSave - ok
12:57:15.0593 1100 ViaIde - ok
12:57:15.0718 1100 [ 60C4B117ED03861379B2EE54EBFC8581 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
12:57:15.0750 1100 VMCService ( UnsignedFile.Multi.Generic ) - warning
12:57:15.0750 1100 VMCService - detected UnsignedFile.Multi.Generic (1)
12:57:15.0781 1100 [ 9946CFCC7E445E1D846DB748299724EB ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:57:16.0000 1100 VolSnap - ok
12:57:16.0046 1100 [ 0E732B7FEBD8E568C299F7B7844A58D2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:57:16.0187 1100 VSS - ok
12:57:16.0218 1100 [ 0064029A603FCAAE6FE923A36BE93D86 ] W32Time C:\WINDOWS\system32\w32time.dll
12:57:16.0531 1100 W32Time - ok
12:57:16.0640 1100 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files\Wajam\Updater\WajamUpdater.exe
12:57:16.0671 1100 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
12:57:16.0671 1100 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
12:57:16.0718 1100 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:57:16.0968 1100 Wanarp - ok
12:57:16.0968 1100 WDICA - ok
12:57:17.0015 1100 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:57:17.0296 1100 wdmaud - ok
12:57:17.0343 1100 [ FF0BFDF40334A24D5C3334004966B505 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:57:17.0562 1100 WebClient - ok
12:57:17.0625 1100 [ 819C68FF6C4C63886D636FFB2DABF5EF ] WINIO C:\WINDOWS\system32\WinIo.sys
12:57:17.0640 1100 WINIO ( UnsignedFile.Multi.Generic ) - warning
12:57:17.0640 1100 WINIO - detected UnsignedFile.Multi.Generic (1)
12:57:17.0750 1100 [ C0434C31A059EB92FF378DF3E60B9967 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:57:17.0968 1100 winmgmt - ok
12:57:18.0015 1100 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:57:18.0125 1100 WmdmPmSN - ok
12:57:18.0171 1100 [ 74A8863A5D168AF325FE7744359374C6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:57:18.0406 1100 WmiApSrv - ok
12:57:18.0531 1100 [ EFD0218C157DBFC71CF88DF8FF6ED100 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:57:18.0640 1100 WMPNetworkSvc - ok
12:57:18.0671 1100 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:57:18.0890 1100 WS2IFSL - ok
12:57:18.0937 1100 [ BC50F125804F7E5E2CCBCB2E008C57CE ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:57:19.0250 1100 wscsvc - ok
12:57:19.0265 1100 WSearch - ok
12:57:19.0281 1100 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:57:19.0484 1100 WSTCODEC - ok
12:57:19.0531 1100 [ 92F33CF2ED203160B68C16C51074D531 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:57:19.0734 1100 wuauserv - ok
12:57:19.0781 1100 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:57:19.0828 1100 WudfPf - ok
12:57:19.0859 1100 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:57:19.0906 1100 WudfRd - ok
12:57:19.0921 1100 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:57:19.0953 1100 WudfSvc - ok
12:57:20.0015 1100 [ 2158A38F056E1C10DC7FB4277C8E6DAB ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:57:20.0281 1100 WZCSVC - ok
12:57:20.0328 1100 [ D14BDA868A9D712EE9C0DA009031B1D6 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:57:20.0578 1100 xmlprov - ok
12:57:20.0609 1100 ================ Scan global ===============================
12:57:20.0656 1100 [ 44F685AF7F4EDED2277C9E398B55F2BB ] C:\WINDOWS\system32\basesrv.dll
12:57:20.0734 1100 [ 9F7C9E3C2E25137A0D2ED51FBE18B239 ] C:\WINDOWS\system32\winsrv.dll
12:57:20.0750 1100 [ 9F7C9E3C2E25137A0D2ED51FBE18B239 ] C:\WINDOWS\system32\winsrv.dll
12:57:20.0765 1100 [ 9CEDBFBE08BC1C4F35F74B8F96E0289A ] C:\WINDOWS\system32\services.exe
12:57:20.0781 1100 [Global] - ok
12:57:20.0781 1100 ================ Scan MBR ==================================
12:57:20.0812 1100 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:57:21.0203 1100 \Device\Harddisk0\DR0 - ok
12:57:21.0218 1100 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR2
12:57:29.0203 1100 \Device\Harddisk1\DR2 - ok
12:57:29.0203 1100 ================ Scan VBR ==================================
12:57:29.0250 1100 [ F729256A4E820A0F5563171482AC6FF9 ] \Device\Harddisk0\DR0\Partition1
12:57:29.0250 1100 \Device\Harddisk0\DR0\Partition1 - ok
12:57:29.0265 1100 [ C3E0BBA2D717784D190DD32301F57321 ] \Device\Harddisk1\DR2\Partition1
12:57:29.0265 1100 \Device\Harddisk1\DR2\Partition1 - ok
12:57:29.0265 1100 ============================================================
12:57:29.0265 1100 Scan finished
12:57:29.0265 1100 ============================================================
12:57:29.0375 0960 Detected object count: 3
12:57:29.0375 0960 Actual detected object count: 3
13:03:17.0046 0960 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:17.0046 0960 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:17.0062 0960 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:17.0062 0960 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:17.0062 0960 WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:17.0062 0960 WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
M.f.G. Alex

markusg 26.03.2013 17:00
hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

comsutra 27.03.2013 11:13
Combofix Logfile:
Code:
ComboFix 13-03-26.01 - barna 013.03.26.  18:48:54.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.36.1038.18.1014.599 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
.
(((((((((((((((((((((((((  Files Created from 2013-02-26 to 2013-03-26  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 16:12 . 2012-02-04 15:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-24 102400]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2008-08-26 1675264]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-07-03 375296]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-7-1 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009.09.18. 16:48 9216]
R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012.10.05. 16:08 109064]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009.07.01. 9:09 153600]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.10.19. 16:14 160944]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010.04.26. 16:20 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010.04.27. 17:40 100480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 12:25        1606760        ----a-w-        c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-30 12:20]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-30 12:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.mainap.hu/?pc=UP22&ocid=UP22DHP&dt=010713
FF - ProfilePath - c:\documents and settings\barna\Application Data\Mozilla\Firefox\Profiles\6jrxibw6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-12-19 09:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-26 18:55
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\hu-hu\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\hu-hu\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-26  18:57:21
ComboFix-quarantined-files.txt  2013-03-26 17:57
ComboFix2.txt  2013-01-16 14:39
.
Pre-Run: 66*666*557*440 bájt szabad
Post-Run: 66*656*473*088 bájt szabad
.
- - End Of File - - 8E2182092479AE7EF11E8BEAD7ADD6CF
--- --- ---


M.f.G.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131